With the rapid adoption of virtual meeting platforms like Zoom over the past few years, the way we work has been transformed. These platforms are much more than a way to have a discussion and go beyond replacing phone conversations, users can share content, collaborate with people outside of their organization and use chat in-meeting. While the early stages of pandemic adoption were all about enabling workers and maintaining productivity, organizations are beginning to settle in and make streamlined decisions about which platforms to retain and how to secure them. The risk of insider threats and potential data loss, in addition to human error and carelessness can lead to any number of possible bad outcomes- data breaches, loss of intellectual property, and more.
One potential risk that creates gaps in virtual meeting safety is configuration drift. Configuration drift occurs naturally in software environments when changes to software settings and control options are made ad hoc and are not recorded or tracked in a comprehensive and systematic fashion. Because of the high volume, multi touch, distributed nature of the virtual workplace, configuration drift is a real challenge for stakeholders like Zoom administrators. Another key challenge for security personnel is the missing ability to have visibility into risky behaviors that occur in Zoom meetings, like screen sharing from individuals with access to sensitive, non-public data with individuals from outside the organization. While Zoom gives a great deal of insight and flexibility into it's management, there isn't a risk-centric way to track changes over time to configuration settings or a place to centralize the viewing of those settings correlated with risky behaviors.
With financial investment by Zoom, Theta Lake has pioneered in building this innovative new security module, free via the Zoom App Marketplace. Aligned with Zoom’s shared goal of “helping businesses and organizations bring their teams together in a frictionless environment to get more done,” Theta Lake MRM is based on a patented, unique set of abilities capable of addressing demand for advanced oversight and visibility into managing the security posture, settings, and activity of Zoom meetings. Importantly, this patented MRM technology works without bots, without recording of meeting content, and without retention of meeting content.
For UC teams and their security counterparts, Theta Lake MRM delivers a multi-faceted approach to Zoom security with posture monitoring, configuration drift tracking and enforcement features coupled with risk correlation scoring using meeting behavior data. For example, an alert and remediation option can be automatically generated if a positive setting like requiring authentication is changed. A higher risk score and alert can be upgraded for immediate escalation in real time for action if, for example, that authentication setting is changed, and an application desktop is shared in a Zoom meeting where unknown or unauthenticated users are present. Additionally, Zoom administrators can use MRM to generate reports on configuration changes over time to understand configuration drift and provide audit reports for security and governance.
Continuous security posture monitoring to easily discover all Zoom settings, receive recommended security configurations and track and report when settings are changed or poorly configured.
Configuration drift management for the long term tracking and reporting of how and when configurations have changed over time, to provide correlation with any potential downstream security or compliance risks.
New feature impact assessment to notify admins via concise reporting when new Zoom features are rolled out that may require a setting update for better security.
Troubleshooting and remediation recommendations for each discovered risk, such as recommended security setting updates, policy drift corrections, and suggested training for risk-prone users. Real-time risk monitoring and alerting for meeting attributes, risky meeting activities and inappropriate data sharing.
Risk correlation reporting through high-level visibility of Zoom settings matched to meeting environment attributes and behavior (e.g. a poor security setting on a meeting combined with screen sharing activity in that same meeting). This includes meeting risks over time, with the option to receive weekly, monthly, or custom reports on correlated meeting risks as well as the ability to alert on risky meetings in real time.
Risky Content and Conduct Detection allows a comprehensive approach to conducting deeper security and compliance surveillance on meeting content by adding Theta Lake’s additional modules to investigate and supervise risks in what was shared, shown, spoken, typed, or transferred in UC communications across video, voice, chat, and more.
With Theta Lake Meetings Risk Manager, Zoom administrators have the ability to gain visibility, centralize control and conduct risk assessments of their Zoom meeting environment. We’d encourage you to visit the Zoom App Marketplace and get started- for free!
Learn more about Theta Lake Compliance for Zoom: